Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAE2SPAYOhhb95+8wygCE4bXvcCujVEV+LpZgXz-r6v66+0HcPQ@mail.gmail.com>
Date: Fri, 7 Nov 2014 20:59:37 +0100
From: Bastien ROUCARIES <roucaries.bastien@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Asking for CVE for imagemagick

On Fri, Nov 7, 2014 at 8:41 PM, Bastien ROUCARIES
<roucaries.bastien@...il.com> wrote:
> Hi,
>
> I am asking for two CVE for imagemagick (two DOS):
> - Converting some specially crafted jpeg could lead to a dos (see
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456)
> - Converting some dcm file could lead to crash then DOS:
> Fix last value in dicom_info and added missing != NULL check.
>
> Fix a buffer overflow in dcm reader by checking the dcm file.
> This problem was discovered by fuzzing some dcm file.

Sorry the DCM problem was CVE-2014-8562 ImageMagick: out-of-bounds
memory error in DCM decode

The jpeg one is new.

Bastien
> Thanks
>
> Bastien

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.